Redirecting mail

Ilo Lorusso sneak at ipnoc.co.za
Mon Apr 11 17:05:18 CEST 2005


Ok,
I've actually got 2 hops between the machines..

It's ...

 172.20.128.56

1 PIX Firewall
2 Nortel Passport (router)

 192.168.12.56

But these two machines are able to see each other and have full access to
each other, just completely separate networks.

Is it still possible to do that advanced routing even though the hops
in between are not Linux devices?


----- Original Message ----- 
From: "Grant Taylor" <gtaylor at riverviewtech.net>
To: "Ilo Lorusso" <sneak at ipnoc.co.za>
Cc: <netfilter at lists.netfilter.org>
Sent: Saturday, April 09, 2005 8:58 PM
Subject: Re: Redirecting mail


>> Hi,
>> I would just like to confirm with you, if machine 192.168.16.56 is to on
>> the same switch but 3 hops away will the method you describe still work?
>
> Based on your choice of word of "hop(s)" I'm going to assume that the
> 172.20.128.56 mail server that you want to route its SMTP connections out
> a different INet connection is not directly connected to the same subnet
> that the 192.168.16.56 system is on.  That being the case I'm going to
> assume that you do have a way to establish a route internally on your LAN
> via the 192.168.16.x/24 network to an unknown network, to any more unknown
> networks, to the 192.168.16.x/24 network.  If this is indeed the case I
> would make sure that all the routers that the traffic has to pass through
> to pass in to each network have a path to each of the other networks.  An
> example below should help with this.
>
> [Machine A]
> INet connection with unknown IP
> 172.20.128.56 on the 172.20.128.x/24 network
>
> [Machine B]
> 172.20.128.254 on the 172.20.128.x/24 network
> 10.0.0.1 on the 10.0.0.x/24 network
>
> [Machine C]
> 10.0.0.254 on the 10.0.0.x/24 network
> 192.168.144.1 on the 192.168.144.x/24 network
>
> [Machine D]
> 192.168.144.254 on the 192.168.144.x/24 network
> 192.168.16.1 on the 192.168.16.x/24 network
>
> [Machine E]
> 192.168.16.56 on the 192.168.16.x/24 network
> INet connection with an unknown IP
>
> Following the above example I'm going to assume that you are wanting to
> route all SMTP traffic from Machine A out Machine E's internet connection.
> To do this I would make sure that machines / routers have at least the
> following in their (main) routing tables:
>
> [Machine A's partial routing table]
> INet connection is local to Machine A
> 172.20.128.x/24 network is local to Machine A
> 10.0.0.x/24 network via Machine B metric of 1
> 192.168.144.x/24 network via Machine B metric of 2
> 192.168.16.x/24 network via Machine B metric of 3
>
> [Machine B's partial routing table]
> 172.20.128.x/24 network is local to Machine B
> 10.0.0.x/24 network is local to Machine B
> 192.168.144.x/24 network via Machine C metric of 1
> 192.168.16.x/24 network via Machine C metric of 2
>
> [Machine C's partial routing table]
> 172.20.128.x/24 network via Machine B metric of 1
> 10.0.0.x/24 network is local to Machine C
> 192.168.144.x/24 network is local to Machine C
> 192.168.16.x/24 network via Machine D metric of 1
>
> [Machine D's partial routing table]
> 172.20.128.x/24 network via Machine C metric of 2
> 10.0.0.x/24 network via Machine C metric of 1
> 192.168.144.x/24 is local to Machine D
> 192.168.16.x/24 is local to Machine D
>
> [Machine E's partial routing table]
> 172.20.128.x/24 network via Machine D metric of 3
> 10.0.0.x/24 network via Machine D metric of 2
> 192.168.144.x/24 network via Machine D metric of 1
> 192.168.16.x/24 is local to Machine E
> INet connection is local to Machine E
>
> This will allow your traffic to pass from machine A to Machine E with
> known routes.  The only thing that might cause a problem is if you have
> firewalls on all systems DROPping or REJECTing traffic that is not from
> the local network trying to pass through it.  But if you open up your
> firewalls to the traffic on each of the networks that need to pass through
> then there is no reason why traffic from Machine A could not pass out the
> INet connection on Machine E.
>
> If you would like to give me some more details on what your network
> topology is I'd do my best to help you with what your routing tables would
> need to look like.
>
>
>
> Grant. . . .
>
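
Added example, not part of the original messages: a hop-by-hop check of the partial routing tables quoted above, walking the path from Machine A to Machine E and back, then repeating it with one return route removed to show how a missing route on a single intermediate router breaks the session. The names `TABLES`, `OWNERS`, `trace`, `round_trip` and `broken_tables` are hypothetical, the `x/24` networks are written as `.0/24`, and default (INet) routes are not modelled.

```python
import copy
import ipaddress

# Partial routing tables transcribed from the quoted example.
# Key: destination network; value: next-hop machine, or None if directly connected.
TABLES = {
    "A": {"172.20.128.0/24": None, "10.0.0.0/24": "B", "192.168.144.0/24": "B", "192.168.16.0/24": "B"},
    "B": {"172.20.128.0/24": None, "10.0.0.0/24": None, "192.168.144.0/24": "C", "192.168.16.0/24": "C"},
    "C": {"172.20.128.0/24": "B", "10.0.0.0/24": None, "192.168.144.0/24": None, "192.168.16.0/24": "D"},
    "D": {"172.20.128.0/24": "C", "10.0.0.0/24": "C", "192.168.144.0/24": None, "192.168.16.0/24": None},
    "E": {"172.20.128.0/24": "D", "10.0.0.0/24": "D", "192.168.144.0/24": "D", "192.168.16.0/24": None},
}
# Hosts named in the thread (Machine A and Machine E).
OWNERS = {"172.20.128.56": "A", "192.168.16.56": "E"}

def trace(tables, src, dst_ip, max_hops=16):
    """Follow next hops from machine `src` toward dst_ip; return (path, status)."""
    dst = ipaddress.ip_address(dst_ip)
    path, cur = [src], src
    while len(path) <= max_hops:
        matches = [(ipaddress.ip_network(n), hop) for n, hop in tables[cur].items()
                   if dst in ipaddress.ip_network(n)]
        if not matches:
            return path, "no route on " + cur
        _, hop = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix wins
        if hop is None:  # on-link: hand the packet to the destination host
            owner = OWNERS.get(dst_ip, dst_ip)
            if owner != cur:
                path.append(owner)
            return path, "delivered"
        path.append(hop)
        cur = hop
    return path, "routing loop"

def round_trip(tables, a, a_ip, b, b_ip):
    """A TCP session (SMTP here) needs both directions routed."""
    return trace(tables, a, b_ip), trace(tables, b, a_ip)

def broken_tables():
    """Constructed failure case: Machine C loses its route back to 172.20.128.0/24."""
    t = copy.deepcopy(TABLES)
    del t["C"]["172.20.128.0/24"]
    return t

if __name__ == "__main__":
    for name, t in (("as posted", TABLES), ("C missing return route", broken_tables())):
        fwd, back = round_trip(t, "A", "172.20.128.56", "E", "192.168.16.56")
        print(name, "| A->E:", fwd, "| E->A:", back)
```

In the constructed failure case the forward path still reaches Machine E, so the symptom on the mail server is a connection that never completes rather than an immediate "unreachable" error.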



